<?php
/***************************************************************************
 *
 *   copyright            : (C) 2011 Winds of Storm
 *
 *   $Id: submit.php 167 2013-02-24 02:54:28Z stormerider@gmail.com $
 *
 ***************************************************************************/

/***************************************************************************
 *
 *   This program is free software; you can redistribute it and/or modify
 *   it under the terms of the GNU General Public License as published by
 *   the Free Software Foundation; either version 2 of the License, or
 *   (at your option) any later version.
 *
 ***************************************************************************/

require_once("config.php");
$body['class']  = 'row1';
$body['id'] = 'submit';
$body['onload'] = "setFocus(); setButtons();";
$skip_header    = 1;
require_once($libdir . "init." . $phpEx);
require_once($libdir . "chat_functs." . $phpEx);
require_once($libdir . "rooms." . $phpEx);

if (isset($_REQUEST['logout']) && $_REQUEST['logout'] != "") {
    $msg    = '';
    $sql    = "SELECT * FROM {$dbprefix}sessions WHERE session_id='{$_REQUEST['sid']}'";
    $result = $db->sql_query($sql);
    $row    = $db->sql_fetchrow($result);
    if (is_array($row)) {
        $sql    = "SELECT * FROM {$dbprefix}prefs WHERE user_id={$row['user_id']}";
        $result = $db->sql_query($sql);
        $p_row  = $db->sql_fetchrow($result);

        if ($p_row['user_logout_msg']) {
            $lmsg   = addslashes(addslashes($p_row['user_logout_msg']));
            $sql    = "INSERT INTO {$dbprefix}events (user_id_from, user_id_to, room_id_to, event_text, event_date, event_chat_flags)
                    VALUES ({$row['user_id']}, 0, {$row['room_id']}, '<span class=sysmsg><i>*** {$row['username']} $lmsg [logging out]</i></span>', NOW(), 2)";
        } else {
            $sql    = "INSERT INTO {$dbprefix}events (user_id_from, user_id_to, room_id_to, event_text, event_date, event_chat_flags)
                    VALUES ({$row['user_id']}, 0, {$row['room_id']}, '<span class=sysmsg><i>*** {$row['username']} has logged out.</i></span>', NOW(), 2)";
        }
        $result = $db->sql_query($sql);

        $sql    = "UPDATE {$dbprefix}sessions SET room_id=-1 WHERE session_id='{$_REQUEST['sid']}'";
        $result = $db->sql_query($sql);

        $room   = getRoomInfo($row['room_id']);
        if ($room['room_dynamic'] == 'yes') {
            $sql    = "SELECT COUNT(room_id) AS count FROM {$dbprefix}sessions WHERE room_id={$room['room_id']}";
            $result = $db->sql_query($sql);
            $row    = $db->sql_fetchrow($result);

            if ($row['count'] == 0) {
                $sql    = "DELETE FROM {$dbprefix}rooms WHERE room_dynamic='yes' AND room_id={$room['room_id']}";
                $result = $db->sql_query($sql);

                $sql    = "DELETE FROM {$dbprefix}events WHERE room_id_to={$room['room_id']}";
                $result = $db->sql_query($sql);

                $msg    = "<br />Dynamic room '{$room['room_name']}' has been closed (last member logged out).";
            }
        }
    }
    $body['text']   = "<B>Logged out. Click <a target=_top href=index.$phpEx>here</a> to log back in.</b>$msg";
    setDomainText(__FILE__, $header, $_REQUEST['cpsp']);
    showHeader($body, $header);
    exit;
}

$sql    = "SELECT * FROM {$dbprefix}sessions WHERE session_id='{$_REQUEST['sid']}'";
$result = $db->sql_query($sql);
$row    = $db->sql_fetchrow($result);

if (!is_array($row)) {
    showFatalError("<B>Session expired. Click <a target=_top href=index.$phpEx>here</a> to log back in.</b>");
}

$room   = $row['room_id'];
$userid = $row['user_id'];
$isMod  = $row['moderator'];

$sql    = "SELECT * FROM {$dbprefix}prefs WHERE user_id={$userid}";
$result = $db->sql_query($sql);
$p_row  = $db->sql_fetchrow($result);

if ($p_row['user_alias'] != '') {
    $username   = $p_row['user_alias'];
} else {
    $username   = $row['username'];
}

$userinfo['userid'] = $userid;
$userinfo['username']   = $username;
$userinfo['isMod']  = $isMod;

if (isset($_REQUEST['message']) && $_REQUEST['message'] != "") {
    if ($p_row['user_tagline']) {
        $tag    = " (<i>" . addslashes($p_row['user_tagline']) . "</i>)";
    } else {
        $tag    = '';
    }

    $msg_class  = getColorCSS($p_row);
    $msg        = $_REQUEST['message'];
    $rname      = getRoomName($room);
    $userto     = 0;

    $event[0]['msg']    = $msg;
    $event[0]['room']   = $room;
    $event[0]['userto'] = 0;
    $event[0]['sflags'] = 0;
    $event[0]['cflags'] = 0;

    if (eregi("^/me", $msg) && $_REQUEST['userto'] == 0) {
        $msg    = eregi_replace("^/me 's", "<span $msg_class>* $username`s", $msg);
        $msg    = eregi_replace("^/me", "<span $msg_class>* $username", $msg);
        $msg    .= " </span>";

        $event[0]['msg']    = $msg;
    } else if (eregi("^/alias", $msg)) {
        if (strlen($msg) > 7) {
            $alias  = substr($msg, 7);
            if (($err = validAlias($alias, $userid)) == 1) {
                $sql    = "SELECT * FROM {$dbprefix}aliases WHERE user_id=$userid AND user_alias LIKE '$alias'";
                $result = $db->sql_query($sql);
                if (($a_row = $db->sql_fetchrow($result)) != NULL) {
                    $avatar = $a_row['user_avatar'];

                    if ($avatar != '') {
                        $sql    = "UPDATE {$dbprefix}sessions SET avatar_url='$avatar' WHERE user_id=$userid";
                        $db->sql_query($sql);
                    }
                } else {
                    $sql    = "INSERT INTO {$dbprefix}aliases (user_id, user_alias) VALUES ($userid, '$alias')";
                    $db->sql_query($sql);
                }
                
                $sql    = "UPDATE {$dbprefix}prefs SET user_alias='$alias' WHERE user_id=$userid";
                $db->sql_query($sql);

                $event[0]['msg']    = addslashes("<span class=sysmsg><i>*** {$row['username']} assumes the personality of $alias</i></span>");
                $event[0]['cflags'] = 2;
            } else {
                $event[0]['room']   = 0;
                $event[0]['userto'] = $userid;
                $event[0]['msg']    = addslashes("<span class=sysmsg>*** Error: '$alias' is not valid for your use (someone else is already using it?) [code $err -- $userid].</span>");
            }
        } else {
            if ($row['username'] != $username) {
                $sql    = "UPDATE {$dbprefix}prefs SET user_alias='{$row['username']}' WHERE user_id=$userid";
                $db->sql_query($sql);
                $sql    = "UPDATE {$dbprefix}sessions SET avatar_url=board_avatar_url WHERE user_id=$userid AND board_avatar_url!=''";
                $db->sql_query($sql);

                $event[0]['msg']    = addslashes("<span class=sysmsg>*** {$row['username']} resumes their personality.</span>");
                $event[0]['cflags'] = 2;
            } else {
                $sql    = "SELECT * FROM {$dbprefix}aliases WHERE user_id=$userid AND user_alias LIKE '$username'";
                $result = $db->sql_query($sql);
                if (($a_row = $db->sql_fetchrow($result)) != NULL) {
                    $avatar = $a_row['user_avatar'];
                    $sql    = "UPDATE {$dbprefix}sessions SET avatar_url='$avatar' WHERE user_id=$userid";
                    $db->sql_query($sql);
                    $event[0]['cflags'] = 2;
                    $event[0]['msg']    = addslashes("<span class=sysmsg>*** {$row['username']} refreshes their personality.</span>");
                } else {
                    $event[0]['room']   = 0;
                    $event[0]['userto'] = $userid;
                    $event[0]['msg']    = addslashes("<span class=sysmsg>*** Error: you are not currently using an alias.</span>");
                }
            }
        }
    } else if (eregi("^/tempalias", $msg)) {
        if (strlen($msg) > 11) {
            $alias  = substr($msg, 11);
            if (($err = validAlias($alias, $userid)) == 1) {
                $sql    = "UPDATE {$dbprefix}prefs SET user_alias='$alias' WHERE user_id=$userid";
                $result = $db->sql_query($sql);
                $event[0]['msg']    = addslashes("<span class=sysmsg><i>*** {$row['username']} assumes the temporary personality of $alias</i></span>");
                $event[0]['cflags'] = 2;
            } else {
                $event[0]['room']   = 0;
                $event[0]['userto'] = $userid;
                $event[0]['msg']    = addslashes("<span class=sysmsg>*** Error: '$alias' is not valid for your use (someone else is already using it?) [code $err].</span>");
            }
        } else {
            if ($row['username'] != $username) {
                $sql    = "UPDATE {$dbprefix}prefs SET user_alias='{$row['username']}' WHERE user_id=$userid";
                $db->sql_query($sql);
                $sql    = "UPDATE {$dbprefix}sessions SET avatar_url=board_avatar_url WHERE user_id=$userid";
                $db->sql_query($sql);

                $event[0]['msg']    = addslashes("<span class=sysmsg>*** {$row['username']} resumes their personality.</span>");
                $event[0]['cflags'] = 2;
            } else {
                $event[0]['room']   = 0;
                $event[0]['userto'] = $userid;
                $event[0]['msg']    = addslashes("<span class=sysmsg>*** Error: you are not currently using an alias.</span>");
            }
        }
    } else if (eregi("^/tagline", $msg)) {
        if (strlen($msg) > 9) {
            $newtag = substr($msg, 9);
            $newtag = filter_msg($newtag);
            $newtag = stripslashes($newtag);
            if (!eregi("<font", $newtag) && !eregi("<small", $newtag)) {
                $newtag = "<font size=-2>$newtag</font>";
            }
            $msg    = addslashes("<span $msg_class><i>* Changed tagline to '") . $newtag . addslashes("'.</i></span>");
        } else {
            $newtag = '';
            $msg    = addslashes("<span $msg_class><i>* Tagline has been cleared.</i></span>");
        }

        $sql    = "UPDATE {$dbprefix}prefs SET user_tagline='$newtag' WHERE user_id={$userid}";
        $db->sql_query($sql);

        $event[0]['room']   = 0;
        $event[0]['userto'] = $userid;
        $event[0]['msg']    = $msg;
    } else if (eregi("^/noavatars", $msg)) {
        $event[0]['room']   = 0;
        $event[0]['userto'] = $userid;
        $event[0]['cflags'] = 2;
        $event[0]['msg']    = addslashes("<span $msg_class><i>* No longer showing avatars.</i></span>");

        $sql    = "UPDATE {$dbprefix}prefs SET user_show_avatars='1' WHERE user_id={$userid}";
        $db->sql_query($sql);
    } else if (eregi("^/showavatars", $msg)) {
        $event[0]['room']   = 0;
        $event[0]['userto'] = $userid;
        $event[0]['cflags'] = 2;
        $event[0]['msg']    = addslashes("<span $msg_class><i>* Now showing avatars.</i></span>");

        $sql    = "UPDATE {$dbprefix}prefs SET user_show_avatars='0' WHERE user_id={$userid}";
        $db->sql_query($sql);
    } else if (eregi("^/help", $msg)) {
        $event[0]['room']   = 0;
        $event[0]['userto'] = $userid;
        $event[0]['msg']    = addslashes(   "<table><tr><td colspan=2>Help Commands:</td></tr>" .
                            "<tr><th align=center NOWRAP>Command</th><th>Usage</th></tr>" .
                            getHelp() .
                            "</table>");
    } else if (eregi("^/away", $msg)) {
        if (strlen($msg) > 6) {
            $away_msg   = substr($msg, 6);
        } else {
            $away_msg   = '';
        }
        if ($p_row['user_away'] == 1 && $away_msg == '') {
            $away   = 0;
            $msg    = "<span $msg_class><i>* $username has returned from away</i></span>";
        } else if ($p_row['user_away'] == 1 && $away_msg != '') {
            $away   = 1;
            $msg    = "<span $msg_class><i>* $username has changed their away message: $away_msg</i></span>";
        } else {
            $away   = 1;
            if ($away_msg == '') {
                $away_msg   = "AFK";
            }
            $msg    = "<span $msg_class><i>* $username has gone away: $away_msg</i></span>";
        }

        $sql    = "UPDATE {$dbprefix}prefs SET user_away=$away,user_away_msg='$away_msg' WHERE user_id={$userid}";
        $db->sql_query($sql);

        $event[0]['msg']    = $msg;
        $event[0]['cflags'] = 2;
    } else if (eregi("^/wall", $msg)) {
        if ($isMod) {
            $event[0]['room']   = -1;
            $event[0]['msg']    = eregi_replace("^/wall", "", $msg);
            $event[0]['msg']    = "<b><i><span class=user>NOTICE: -$username-</span> <span $msg_class>$msg </span></i></b>";
        } else {
            $event[0]['room']   = 0;
            $event[0]['userto'] = $userid;
            $event[0]['msg']    = "<span class=sysmsg><b>*** ERROR: you must be a moderator to use the /wall command.</b></span>";
        }
    } else if (eregi("^/shout", $msg)) {
        if (strlen($msg) > 7) {
            $roomname       = getRoomNameBySession($_REQUEST['sid']);
            $msg            = eregi_replace("^/shout", "", $msg);
            $event[0]['room']   = -1;
            $event[0]['msg']    = "<b><i><span class=user>-$username-</span> <span $msg_class>shouts from $roomname: $msg </span></i></b>";
        } else {
            $event[0]['room']   = 0;
            $event[0]['userto'] = $userid;
            $event[0]['msg']    = addslashes("<span class=sysmsg><b>*** ERROR: format is /shout [msg]</b></span>");
        }
    } else if (eregi("^/ping", $msg)) {
        $event[0]['userto'] = $userid;
        $event[0]['room']   = 0;
        $event[0]['msg']    = "<i>&gt;&gt;&gt;Pong. . .</i>";
    } else if (eregi("^/switch", $msg)) {
        if ($isMod) {
            $room   = substr($msg, 7);
            $sql    = "UPDATE {$dbprefix}sessions SET room_id=$room WHERE session_id='{$_REQUEST['sid']}'";
            $result = $db->sql_query($sql);
            $event[0]['room']   = $room;
            $event[0]['msg']    = "*** $username has rejoined the room.";
        } else {
            $event[0]['userto'] = $userid;
            $event[0]['room']   = 0;
            $event[0]['msg']    = "<i>You are not authorized to use the switch command.</i>";
        }
    } else if (eregi("^/time$", $msg)) {
        $sql    = "SELECT DATE_FORMAT(NOW(), '%a %M %D, %Y @ %h:%i %p') AS cur_time";
        $result = $db->sql_query($sql);
        $trow   = $db->sql_fetchrow($result);

        $event[0]['userto'] = $userid;
        $event[0]['room']   = 0;
        $event[0]['msg']    = "<span class=sysmsg><b>*** Current time is: {$trow['cur_time']}</b></span>";
    } else if (eregi("^/look", $msg)) {
        $sql    = "SELECT *
                FROM
                    {$dbprefix}prefs AS p,
                    {$dbprefix}sessions AS s
                WHERE
                    p.user_id=s.user_id AND
                    s.room_id=$room
                ORDER BY
                    user_alias";
        $result = $db->sql_query($sql);
        $msg    = "<table width=100% border=1><tr><td class=row1>Current room:</td></tr>";
        while ($lrow = $db->sql_fetchrow($result)) {
            $msg    .= "<tr><td class=row1>{$lrow['user_alias']}";
            if ($lrow['username'] != $lrow['user_alias']) {
                $msg    .= " ({$lrow['username']})";
            }
            if ($lrow['user_away']) {
                $msg    .= " -- away message: {$lrow['user_away_msg']}";
            }
            $msg    .= "</td></tr>";
        }
        $msg    .= "</table>";

        $event[0]['userto'] = $userid;
        $event[0]['room']   = 0;
        $event[0]['msg']    = $msg;
    } else if (eregi("^/topic", $msg)) {
        if ($isMod) {
            if (strlen($msg) > 7) {
                $topic  = stripslashes(filter_msg(substr($msg, 7)));
                $dtopic = filter_msg(substr($msg, 7));
            } else {
                $topic  = '';
            }

            $sql    = "UPDATE {$dbprefix}rooms SET room_topic='$dtopic' WHERE room_id=$room";
            $result = $db->sql_query($sql);

            $event[0]['msg']    = addslashes("<span class=sysmsg>*** $username changes the topic to '$topic'</span>");
            $event[0]['cflags'] = 1;
        } else {
            $event[0]['userto'] = $userid;
            $event[0]['room']   = 0;
            $event[0]['msg']    = "<span class=sysmsg><b>*** ERROR: you must be a moderator to use the /topic command.</b></span>";
        }
    } else if (eregi("^/kick ", $msg)) {
        if ($isMod) {
            $msg = stripslashes($msg);

            if (eregi("^/kick '([^']*)' (.*)", $msg, $matches)) {
                $user   = $matches[1];
                $pm = $matches[2];
            } else if (eregi("^/kick \"([^']*)\" (.*)", $msg, $matches)) {
                $user   = $matches[1];
                $pm = $matches[2];
            } else if (eregi("^/kick ([^ ]*) (.*)", $msg, $matches)) {
                $user   = $matches[1];
                $pm = $matches[2];
            } else {
                $event[0]['userto'] = $userid;
                $event[0]['room']   = 0;
                $event[0]['msg']    = addslashes("<span class=sysmsg><b>*** ERROR: could not parse the '/kick' command.</b></span>");
            }

            if ($room != 0) {
                print("<!-- pm to '$user': '$pm' -->\n");
                $uid    = getOnlineUserIdByName($user);

                if ($userto == -1) {
                    $event[0]['userto'] = $userid;
                    $event[0]['room']   = 0;
                    $event[0]['msg']    = addslashes("<span class=sysmsg><b>*** ERROR: '$user' is not online to /kick: $pm.</b></span>");
                } else {
                    $event[1]['userto'] = $uid;
                    $event[1]['room']   = 0;
                    $event[1]['msg']    = addslashes("<b><span $msg_class>*** </span><span class=user>$username{$tag} </span><span $msg_class> has kicked you from $rname: $pm </span></b>");

                    $event[0]['msg']    = addslashes("<b><span $msg_class>*** </span><span class=user>$username{$tag}</span><span $msg_class> has kicked </span><span class=user>$user</span><span $msg_class> from $rname: $pm </span></b>");
                    $event[0]['cflags'] = 2;

                    $sql    = "UPDATE {$dbprefix}sessions SET room_id=-2 WHERE user_id=$uid";
                    $db->sql_query($sql);
                }
            }
        } else {
            $event[0]['userto'] = $userid;
            $event[0]['room']   = 0;
            $event[0]['msg']    = "<span class=sysmsg><b>*** ERROR: you must be a moderator to use the /kick command.</b></span>";
        }
    } else if (eregi("^/msg ", $msg)) {
        $msg = stripslashes($msg);

        if (eregi("^/msg '([^']*)' (.*)", $msg, $matches)) {
            $user   = $matches[1];
            $pm = $matches[2];
        } else if (eregi("^/msg \"([^']*)\" (.*)", $msg, $matches)) {
            $user   = $matches[1];
            $pm = $matches[2];
        } else if (eregi("^/msg ([^ ]*) (.*)", $msg, $matches)) {
            $user   = $matches[1];
            $pm = $matches[2];
        } else {
            $event[0]['userto'] = $userid;
            $event[0]['room']   = 0;
            $event[0]['msg']    = "<span class=sysmsg><b>*** ERROR: could not parse the '/msg' command.</b></span>";
        }

        if ($room != 0) {
            print("<!-- pm to '$user': '$pm' -->\n");
            $pm = addslashes($pm);
            $user   = addslashes($user);
            $user_s = getSessionPrefsByName($user);

            if ($user_s == -1) {
                $event[0]['userto'] = $userid;
                $event[0]['room']   = 0;
                $event[0]['msg']    = "<span class=sysmsg><b>*** ERROR: \'$user\' is not online to /msg: $pm.</b></span>";
            } else if ($user_s['user_allow_pms'] == 1) {
                $event[0]['userto'] = $userid;
                $event[0]['room']   = 0;
                $event[0]['msg']    = "<span class=sysmsg><b>*** ERROR: {$user_s['user_alias']} is not receiving personal messages.</b></span>";
            } else if ($user_s['user_allow_ext_pms'] == 1 && !checkUserRoomById($user_s['user_id'], $room)) {
                $event[0]['userto'] = $userid;
                $event[0]['room']   = 0;
                $event[0]['msg']    = "<span class=sysmsg><b>*** ERROR: {$user_s['user_alias']} is not receiving personal messages from other rooms.</b></span>";
            } else {
                $user   = $user_s['user_alias'];
                $event[0]['room']   = 0;
                $event[0]['userto'] = $userid;
                $event[0]['msg']    = "<table width=100% border=1><tr><td class=row1><span $msg_class>Private Message to </span><span class=user>$user</span><span $msg_class>: $pm </span></td></tr></table>";

                $event[1]['room']   = 0;
                $event[1]['userto'] = $user_s['user_id'];
                $event[1]['msg']    = "<table width=100% border=1><tr><td class=row1><span $msg_class>Private Message from </span><span class=user>$username{$tag}</span><span $msg_class>: $pm </span></td></tr></table>";

                if ($user_s['user_away'] == 1) {
                    $event[2]['room']   = 0;
                    $event[2]['userto'] = $userid;
                    $event[2]['msg']    = "<table width=100% border=1><tr><td class=row1><span $msg_class>Away Message from </span><span class=user>$user</span><span $msg_class>: {$user_s['user_away_msg']}</span></td></tr></table>";
                }
            }
        }
    } else if (ereg("^/", $msg) && !eregi("^/me", $msg)) {
        $event[0]['parsed'] = 0;
        foreach ($plugins as $plugin) {
            if (($config[$plugin['FUNC']] == 'enabled') && (eregi("command", $plugin['TYPE']))) {
                call_user_func_array($plugin['FUNC'], array($userinfo, &$event));
            }
        }

        if ($event[0]['parsed'] == 0) {
            $event[0]['room']   = 0;
            $event[0]['userto'] = $userid;
            $event[0]['msg']    = addslashes("<span class=sysmsg><b>*** Error: unknown command '$msg'</b></span>");
        }
    } else if ($_REQUEST['userto'] != 0) {
        $userto = $_REQUEST['userto'];
        $user_s = getSessionPrefsById($userto);

        $event[0]['room']   = 0;
        $event[0]['userto'] = $userid;

        if ($user_s == -1) {
            $event[0]['msg']    = "<span class=sysmsg><b>*** ERROR: User is no longer online to private msg.</b></span>";
        } else if ($user_s['user_allow_pms'] == 1) {
            $event[0]['msg']    = "<span class=sysmsg><b>*** ERROR: {$user_s['user_alias']} is not receiving personal messages.</b></span>";
        } else if ($user_s['user_allow_ext_pms'] == 1 && !checkUserRoomById($_REQUEST['userto'], $room)) {
            $event[0]['msg']    = "<span class=sysmsg><b>*** ERROR: {$user_s['user_alias']} is not receiving personal messages from other rooms.</b></span>";
        } else {
            $user   = $user_s['user_alias'];

            if (!eregi("^/me", $msg)) {
                $pm = $msg;

                $event[1]['msg']    = "<table width=100% border=1><tr><td class=row1><span $msg_class>Private Message from </span><span class=user>$username{$tag}</span><span $msg_class>: $pm </span></td></tr></table>";
                $event[1]['userto'] = $userto;
                $event[1]['room']   = 0;
            } else {
                $pm = eregi_replace("^/me 's", "* </span><span class=user>$username</span><span $msg_class>'s", $msg);
                $pm = eregi_replace("^/me", "* </span><span class=user>$username</span><span $msg_class>", $pm);

                $event[1]['msg']    = "<table width=100% border=1><tr><td class=row1><span $msg_class>Private Message: $pm </span></td></tr></table>";
                $event[1]['userto'] = $userto;
                $event[1]['room']   = 0;
            }

            $event[0]['msg']    = "<table width=100% border=1><tr><td class=row1><span $msg_class>Private Message to </span><span class=user>$user</span><span $msg_class>: $pm</span></td></tr></table>";

            if ($user_s['user_away'] == 1) {
                $event[2]['msg']    = addslashes("<table width=100% border=1><tr><td class=row1><span $msg_class>Away Message from </span><span class=user>$user</span><span $msg_class>: {$user_s['user_away_msg']}</span></td></tr></table>");
                $event[2]['room']   = 0;
                $event[2]['userto'] = $userid;
            }
        }
    } else {
        //$msg          = addslashes($msg);
        $event[0]['msg']    = "<span class=user>-$username{$tag}-</span> <span $msg_class>$msg </span>";
    }

    foreach ($event as $thisevent) {
        $msg    = filter_msg($thisevent['msg']);
        $userto = $thisevent['userto'];
        $room   = $thisevent['room'];

        print("<!-- MESSAGE: $msg -->\n");
        print("<!-- USER TO: $userto -->\n");
        print("<!-- ROOM: $room -->\n");

        //if ($_REQUEST['userto'] != 0 && $userto == 0) {
            //$userto   = $_REQUEST['userto'];
            //print("<!-- REMAPPED USER TO VIA SELECT: $userto -->\n");
        //}

        $sqla   = '';   $sqlb   = '';
        if ($thisevent['cflags']) {
            $sqla   .= ", event_chat_flags";
            $sqlb   .= ", {$thisevent['cflags']}";
        }

        if ($thisevent['sflags']) {
            $sqla   .= ", event_server_flags";
            $sqlb   .= ", {$thisevent['sflags']}";
        }

        $sql    = "INSERT INTO {$dbprefix}events (user_id_from, user_id_to, room_id_to, event_text, event_date$sqla)
                VALUES ({$userid}, $userto, $room, '$msg', NOW()$sqlb)";

        //print("<!-- SQL: $sql -->\n");
        //$db->add_to_log($sql);
        $result = $db->sql_query($sql);
    }

    $sql    = "UPDATE {$dbprefix}sessions SET idle_timer=0,idle_warning=0 WHERE session_id='{$_REQUEST['sid']}'";
    $result = $db->sql_query($sql);
}

if (isset($_REQUEST['pastebox'])) {
    print("<script language=javascript>\nself.close()\n</script>\n");
    exit;
}

setDomainText(__FILE__, $header, $_REQUEST['cpsp']);
showHeader($body, $header, array('chat_functions.js'));

$template = new Template($config['TPL_DIR']);
$template->set_filenames(array('body' => 'submit_body.tpl'));

$userto = -1;
if (isset($_REQUEST['userto'])) {
    $userto = $_REQUEST['userto'];
}
$room_list  = getRoomUsers($row['room_id'], $userto);

if (isset($_REQUEST['multiline']) && $_REQUEST['multiline'] == 'on') {
    $ml = "off";
    $ml_l   = "Single-Line";
} else {
    $ml = "on";
    $ml_l   = "Multi-Line";
}

$template->assign_vars(array(
    'U_SUBMIT'          => "submit.$phpEx",
    'U_FORUMS'          => $config['FORUM_LINK_URL'],
    'U_WHOSON'          => "whoson.$phpEx?sid={$_REQUEST['sid']}",
    'U_MULTISINGLE'     => "submit.$phpEx?multiline=$ml&sid={$_REQUEST['sid']}&cpsp={$_REQUEST['cpsp']}",
    'U_PASTEBOX'        => "javascript:ML.popup('{$_REQUEST['sid']}');",
    'U_HELP'            => "help.$phpEx",
    'U_OPTIONS'         => "options.$phpEx?sid={$_REQUEST['sid']}",
    'U_ALIASES'         => "aliases.$phpEx?sid={$_REQUEST['sid']}",
    'U_SMILIES_PATH'    => $smilies_path,
    'U_BASEURL'         => getBaseURI(),

    'L_MULTISINGLE'     => $ml_l,
    'L_FORUMS'          => $config['FORUM_NAME'],

    'CPSP'              => $_REQUEST['cpsp'],
    'SID'               => $_REQUEST['sid'],
    'ROOM_LIST'         => $room_list,
));

if ($isMod) {
    $template->assign_block_vars('switch_show_admin', array(
        'U_ADMIN'   => $config['CHAT_URL'].'/admin/'
    ));
}

if (isset($_REQUEST['multiline']) && $_REQUEST['multiline'] == "on") {
    $template->assign_block_vars('switch_multiline', array());
} else {
    $template->assign_block_vars('switch_singleline', array());
}

if ($p_row['user_show_smilies'] == 0 && !$DISABLE_SMILIES) {
    $template->assign_block_vars('switch_smilies', array());
    $sql    = "SELECT * FROM $smilies_table GROUP BY $smile_url_field $smilies_limit";
    if ($result = $db->sql_query($sql)) {
        while ($row = $db->sql_fetchrow($result)) {
            $template->assign_block_vars('switch_smilies.smilies', array(
                'PATTERN'   => $row[$smile_pattern_field],
                'URL'       => $row[$smile_url_field]
            ));
        }
    }
}

$template->pparse('body');
